Skip to content

Commit 168fd1f

Browse files
sfc-gh-ppasternysfc-gh-ppasterny
authored
SNOW-2118790: security fixes (#2473)
1 parent 0a13403 commit 168fd1f

File tree

2 files changed

+10
-4
lines changed

2 files changed

+10
-4
lines changed

scripts/packaging/delete_mac_certs.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,10 @@
44
KEYCHAIN_PATH=$HOME/Library/Keychains/login.keychain-db
55

66
# Delete the Developer ID Installer certificate from the keychain
7-
security delete-certificate -c "Developer ID Installer: Snowflake Computing INC. (W4NT6CRQ7U)" "$KEYCHAIN_PATH"
7+
security delete-identity -c "Developer ID Installer: Snowflake Computing INC. (W4NT6CRQ7U)" "$KEYCHAIN_PATH"
88

99
# Delete the Developer ID Application certificate from the keychain
10-
security delete-certificate -c "Developer ID Application: Snowflake Computing INC. (W4NT6CRQ7U)" "$KEYCHAIN_PATH"
10+
security delete-identity -c "Developer ID Application: Snowflake Computing INC. (W4NT6CRQ7U)" "$KEYCHAIN_PATH"
1111

1212
# Inform the user about the successful cleanup
1313
echo "Temporary files cleaned up successfully"

scripts/packaging/load_mac_certs.sh

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,13 @@ APPLE_CERT_DEVELOPER_INSTALLER="apple_dev_installer_cert.p12"
55
APPLE_CERT_DEVELOPER_APPLICATION="apple_dev_application_cert.p12"
66

77
# Decode Developer ID Installer certificate from base64 into temporary file
8-
base64 -d $APPLE_CERT_DEVELOPER_INSTALLER_BASE64 > $APPLE_CERT_DEVELOPER_INSTALLER
8+
base64 -d < $APPLE_CERT_DEVELOPER_INSTALLER_BASE64 > $APPLE_CERT_DEVELOPER_INSTALLER
99

1010
# Check the checksum of the decoded Developer ID Installer certificate
1111
echo "1f9d2dfd1a6dc87c87fe0426a6ee136e $APPLE_CERT_DEVELOPER_INSTALLER" | md5sum -c -
1212

1313
# Decode Developer ID Application certificate from base64 into temporary file
14-
base64 -d $APPLE_CERT_DEVELOPER_APPLICATION_BASE64 > $APPLE_CERT_DEVELOPER_APPLICATION
14+
base64 -d < $APPLE_CERT_DEVELOPER_APPLICATION_BASE64 > $APPLE_CERT_DEVELOPER_APPLICATION
1515

1616
# Check the checksum of the decoded Developer ID Application certificate
1717
echo "658613e0abe5c3187284e9662f18e1f0 $APPLE_CERT_DEVELOPER_APPLICATION" | md5sum -c -
@@ -31,6 +31,9 @@ if [ $? -ne 0 ]; then
3131
exit 1
3232
fi
3333

34+
# reload the keychain to ensure the changes are applied
35+
security set-key-partition-list -S apple-tool:,apple: -k "$MAC_USERNAME_PASSWORD" $KEYCHAIN_PATH
36+
3437
# Import Developer ID Installer certificate to the keychain
3538
security import $APPLE_CERT_DEVELOPER_APPLICATION -k $KEYCHAIN_PATH -P $APPLE_CERT_DEVELOPER_APPLICATION_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/xcrun -T /usr/bin/productsign -T /usr/bin/productbuild
3639

@@ -40,6 +43,9 @@ if [ $? -ne 0 ]; then
4043
exit 1
4144
fi
4245

46+
# reload the keychain to ensure the changes are applied
47+
security set-key-partition-list -S apple-tool:,apple: -k "$MAC_USERNAME_PASSWORD" $KEYCHAIN_PATH
48+
4349
# Inform the user about the successful import
4450
echo "Certificates imported successfully to $KEYCHAIN_PATH"
4551

0 commit comments

Comments
 (0)